SIGMA key exchange protocol
E831957
The SIGMA key exchange protocol is a cryptographic protocol designed to provide secure authenticated key exchange with strong security guarantees and has been widely used as the basis for protocols like IKE in IPsec.
All labels observed (1)
| Label | Occurrences |
|---|---|
| SIGMA key exchange protocol canonical | 1 |
Statements (48)
| Predicate | Object |
|---|---|
| instanceOf |
authenticated key exchange protocol
ⓘ
cryptographic key exchange protocol ⓘ security protocol ⓘ |
| addressesWeaknessOf | naive signed Diffie–Hellman ⓘ |
| considered | a de facto standard design for authenticated Diffie–Hellman protocols ⓘ |
| designedFor |
authenticated key exchange
ⓘ
key establishment ⓘ mutual authentication ⓘ |
| developedInField | applied cryptography ⓘ |
| hasAcronym | SIGMA NERFINISHED ⓘ |
| hasDesignFeature |
identity protection
ⓘ
protection of identities under passive eavesdropping ⓘ separation of authentication and key confirmation ⓘ sign-then-MAC structure ⓘ support for certificate-based authentication ⓘ support for public-key signatures ⓘ |
| hasFullName | SIGn-and-MAc key exchange protocol NERFINISHED ⓘ |
| hasMessageFlow | two-pass Diffie–Hellman exchange with authenticated payloads ⓘ |
| hasProperty |
binds session keys to authenticated identities
ⓘ
binds session keys to protocol transcript ⓘ supports mutual authentication in standard variants ⓘ supports negotiation of cryptographic algorithms ⓘ supports unilateral authentication in some variants ⓘ |
| hasSecurityGoal |
key indistinguishability
ⓘ
resistance to reflection attacks ⓘ resistance to replay attacks ⓘ strong security under active attacks ⓘ |
| hasSecurityModel | provable security in the Bellare–Rogaway style model ⓘ |
| hasVariant |
SIGMA with identity protection
ⓘ
SIGMA-I NERFINISHED ⓘ SIGMA-R NERFINISHED ⓘ |
| improvesOn | Station-to-Station (STS) protocol NERFINISHED ⓘ |
| inspired | Internet Key Exchange (IKE) NERFINISHED ⓘ |
| providesProperty |
explicit entity authentication
ⓘ
forward secrecy ⓘ resistance to identity misbinding ⓘ resistance to key-compromise impersonation ⓘ resistance to man-in-the-middle attacks ⓘ |
| relatedTo | Station-to-Station (STS) protocol NERFINISHED ⓘ |
| usedAsBasisFor |
Internet Key Exchange version 1 (IKEv1)
NERFINISHED
ⓘ
Internet Key Exchange version 2 (IKEv2) NERFINISHED ⓘ |
| usedInContext |
IPsec
NERFINISHED
ⓘ
secure channel establishment ⓘ virtual private networks ⓘ |
| usesPrimitive |
Diffie–Hellman key exchange
NERFINISHED
ⓘ
cryptographic hash functions ⓘ digital signatures ⓘ message authentication codes ⓘ |
Referenced by (1)
Full triples — surface form annotated when it differs from this entity's canonical label.